[netflow-tools] softflowd & dd-wrt
Joe Courtney
JCourtney at unitedmcgill.com
Fri Apr 18 00:19:13 EST 2008
Does anyone have softflowd running successfully on an open-source
dd-wrt firmware router? I am 99% done with getting it working, but
I'm running into a problem "seeing" all the network traffic I wish to
monitor. It is probably an IPTables or routing/filtering issue or
how I've configured the IPs of my interfaces, but I can't seem to
wrap my head around the exact problem. If I can figure this out, it
is really going to be a nice way to send NetFlow data to a collector
from a cheapo $50 router.

I was able to install the Optware package for softflowd on the router
(DD-WRT v24 RC-7 (03/13/08) std). I also installed tcpdump to make
sure it wasn't an issue with softflowd (it isn't). The problem is
I'm only seeing broadcasts on the interface I'm monitoring (no
traffic). (When set up on a full Linux box, I never had to do
anything to the interface to monitor all the traffic.) For some
reason on the dd-wrt, there is some kind of filtering happening that
is preventing softflowd and tcpdump from seeing all the traffic.

dd-wrt configuration:

    [WAN] --- Port 0 --------- Vlan1 ------- Eth0
    [Port1] --- Port 1 -------- Vlan0 -------- Eth0
    [Port2-4] - Port2-4 ------ Vlan0 * Default Vlan for non-tagged traffic

So I have tried to use all the Ports for monitoring and many
configurations of Vlans, but no luck. I have also tried putting the
interfaces in promisc mode with ifconfig, but no luck. It seems the
router is filtering all traffic. The firewall and gateway settings
are off; the thing should be able to see all the traffic.

ifconfig:

br0s are for the Wireless (eth1. WLAN), that doesn't come into play
for this config. Below I have added a second vlan, but no luck.

br0       Link encap:Ethernet HWaddr 00:1A:70:FE:49:AE
          inet addr:192.168.0.11 Bcast:192.168.3.255 Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:64919 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29719 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4611647 (4.3 MiB) TX bytes:12926366 (12.3 MiB)

br0:0     Link encap:Ethernet HWaddr 00:1A:70:FE:49:AE
          inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0      Link encap:Ethernet HWaddr 00:1A:70:FE:49:AE
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:70842 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6515481 (6.2 MiB) TX bytes:18729587 (17.8 MiB)
          Interrupt:4

eth1      Link encap:Ethernet HWaddr 00:1A:70:FE:49:B0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:1051593
          TX packets:56157 errors:2011 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:4376609 (4.1 MiB)
          Interrupt:2 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
          RX packets:5896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5896 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:566715 (553.4 KiB) TX bytes:566715 (553.4 KiB)

vlan0     Link encap:Ethernet HWaddr 00:1A:70:FE:49:AE
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:60373 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29694 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4454776 (4.2 MiB) TX bytes:7696374 (7.3 MiB)

vlan1     Link encap:Ethernet HWaddr 00:1A:70:FE:49:AF
          inet addr:192.168.4.19 Bcast:192.168.4.23 Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:392 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9269 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:24430 (23.8 KiB) TX bytes:428006 (417.9 KiB)

vlan2     Link encap:Ethernet HWaddr 00:1A:70:FE:49:AE
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:10087 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60451 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:765828 (747.8 KiB) TX bytes:9838153 (9.3 MiB)

default IPTables:

Chain INPUT (policy ACCEPT)
target      prot opt source     destination

Chain FORWARD (policy ACCEPT)
target      prot opt source     destination
ACCEPT      0    --  anywhere   anywhere
logdrop     0    --  anywhere   anywhere    state INVALID
TCPMSS      tcp  --  anywhere   anywhere    tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460
lan2wan     0    --  anywhere   anywhere
ACCEPT      0    --  anywhere   anywhere    state RELATED,ESTABLISHED
ACCEPT      udp  --  anywhere   base-address.mcast.net/4 udp
TRIGGER     0    --  anywhere   anywhere    TRIGGER type:in match:0 relate:0
trigger_out 0    --  anywhere   anywhere
ACCEPT      0    --  anywhere   anywhere    state NEW

Chain logaccept (0 references)
target      prot opt source     destination
ACCEPT      0    --  anywhere   anywhere

Chain logdrop (1 references)
target      prot opt source     destination
DROP        0    --  anywhere   anywhere

Chain logreject (0 references)
target      prot opt source     destination
REJECT      tcp  --  anywhere   anywhere    tcp reject-with tcp-reset

Thanks for any info. or comments.
Joe Courtney